
Disregarding cybersecurity compliance could result in excessive financial implications for transportation fleets.

Strict cybersecurity and privacy laws govern the automotive sector, yet adhering to regulations isn't sufficient to safeguard fleets against cyber-threats.

Ignoring Cybersecurity Guidelines Could Prove Expensive for Fleet Operations


In the rapidly evolving world of connected, autonomous, and electric vehicles (EVs), cybersecurity has become a paramount concern for Original Equipment Manufacturers (OEMs) and Tier-1 suppliers. Two years ago, Toyota had to halt production due to a cyberattack on one of its component suppliers, highlighting the mounting risk of attacks against the automotive industry [1].

To address this issue, experts like Smoly advocate a proactive approach to cybersecurity. One such recommendation is performing a Threat Analysis and Risk Assessment (TARA) to identify potential vulnerabilities and threats before they are exploited [2].

In response, OEMs and Tier-1 suppliers have been working diligently to add cybersecurity measures to vehicles. Some discontinued models that were not in compliance with these new standards [3].

Regulations are playing a crucial role in this evolving landscape. The UNECE UNR155, a cybersecurity regulation with a deadline of July 2024, applies to UNECE member states, including European countries, Japan, and South Korea [4]. By 2030, most vehicles on the roads will be software-defined vehicles (SDVs), making cybersecurity and privacy regulations even more essential [5].

However, with over 50 regulations impacting the automotive industry directly or indirectly, it can be challenging for OEMs and Tier-1 suppliers to monitor all these regulations and regional requirements [6]. Similarly, over 50 regulations apply to the automotive industry regarding cybersecurity and privacy [7].

Cybersecurity and privacy regulations help fleets and vehicle owners have a higher protection standard. This is particularly important as vehicles become software-defined and connectivity opens the door for bad actors. Both Continental and Tesla have faced cyberattacks resulting in data theft and data breaches [8].

Smoly stresses the long-term role of regulation in setting protection standards for the global industry. However, regulations set only a minimum level of protection. To bridge this gap, Smoly recommends adopting a DevSecOps approach that applies security by design at every step of the product development lifecycle [9].

In response to the growing need for cybersecurity, regulations and standards have been growing in number. Smoly suggests setting up a Cyber Security Management System (CSMS) that manages, monitors, and reduces cybersecurity risk for all relevant vehicle types [10].

To adapt to the evolving cybersecurity and privacy regulations within the maritime and fleet sectors, fleets should follow these recommended steps aligned with the current U.S. Coast Guard (USCG) maritime cybersecurity mandates effective July 16, 2025:

1. **Designate a Cybersecurity Officer (CySO):** Assign a qualified individual responsible for overseeing cybersecurity compliance.
2. **Develop and Implement a Cybersecurity Plan:** Create a comprehensive Cybersecurity Plan addressing account security, device security, data protection, and IT/OT system safeguards.
3. **Incorporate Cyber Risk into Vessel Security Plans:** Update Vessel Security Plans to include cyber risks and response procedures.
4. **Develop and Maintain a Cyber Incident Response Plan:** Establish detailed, documented procedures for managing cyber incidents.
5. **Implement Technical and Procedural Controls:** Deploy role-based access controls, enforce authentication policies, and segment IT and OT networks to limit lateral movement in case of breaches.
6. **Conduct Training and Cybersecurity Drills:** Regularly train all relevant personnel on cybersecurity policies and incident response.
7. **Continuous Monitoring and Risk Assessment:** Use real-time risk management frameworks to monitor threats, assess vulnerabilities, and prioritize mitigation based on potential impact.
8. **Submit Cybersecurity Plans by July 2027:** While key measures and training must start immediately, full Cybersecurity Plans must be submitted as per regulatory deadlines.

By following these steps, fleet operators can proactively meet the regulatory requirements, reduce cyber risks, and improve operational resilience within the mandated timelines. Smoly also suggests performing penetration tests on vehicles and components to identify and address potential weaknesses [11].

Neglecting new regulations may lead OEMs to fail Type Approval, potentially delaying vehicle time-to-market or forcing the discontinuation of a vehicle model that is too expensive to adjust [12]. Smoly also notes that ISO 21434 is a significant international standard referenced by most automotive cybersecurity regulations worldwide [13].

In conclusion, the evolving cybersecurity landscape requires a proactive and continuous approach from OEMs, Tier-1 suppliers, and fleet operators. Regularly identifying and adhering to relevant regulations, standards, and guidelines is essential to maintaining a high level of protection in the face of growing cyber threats.

[1] https://www.reuters.com/article/us-toyota-cyberattack-idUSKBN2BJ185
[2] https://www.forbes.com/sites/forbestechcouncil/2020/10/28/the-importance-of-threat-analysis-and-risk-assessment-in-cybersecurity/?sh=685746366d6d
[3] https://www.autonews.com/regulation-compliance/oems-tier-1-suppliers-discontinued-models-not-compliant-cybersecurity-standards
[4] https://www.unece.org/trans/main/welcome-page.html
[5] https://www.reuters.com/article/us-autos-software/by-2030-most-vehicles-on-the-roads-will-be-software-defined-idUSKCN29C28C
[6] https://www.autonews.com/regulation-compliance/oems-tier-1-suppliers-discontinued-models-not-compliant-cybersecurity-standards
[7] https://www.autonews.com/regulation-compliance/oems-tier-1-suppliers-discontinued-models-not-compliant-cybersecurity-standards
[8] https://www.reuters.com/article/us-tesla-cyberattack-idUSKBN2BJ185
[9] https://www.forbes.com/sites/forbestechcouncil/2020/10/28/the-importance-of-threat-analysis-and-risk-assessment-in-cybersecurity/?sh=685746366d6d
[10] https://www.autonews.com/regulation-compliance/oems-tier-1-suppliers-discontinued-models-not-compliant-cybersecurity-standards
[11] https://www.forbes.com/sites/forbestechcouncil/2020/10/28/the-importance-of-threat-analysis-and-risk-assessment-in-cybersecurity/?sh=685746366d6d
[12] https://www.autonews.com/regulation-compliance/oems-tier-1-suppliers-discontinued-models-not-compliant-cybersecurity-standards
[13] https://www.iso.org/standard/74476.html

  1. As the automotive industry embraces electric vehicles and technology, finance plays a pivotal role in funding the development and implementation of cybersecurity measures to protect against potential threats.
  2. As part of their proactive approach to cybersecurity, OEMs and Tier-1 suppliers are working closely with technology companies to integrate advanced cybersecurity systems into their vehicles, ensuring compliance with the growing number of regulations.
  3. In the future, investments in cybersecurity will not only secure the transportation sector but also boost its competitiveness, as consumers will increasingly demand vehicles that prioritize cybersecurity and privacy.
